M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #21 I'm having a little trouble with the shortcut module. It completed but the computer restarted. I can't find the report so started the clean again
g3n-h@ckm@n Level 1 Verified Mar 1, 2014 251 41 32 54 Valence Mar 6, 2014 #22 I repeat: it'll give a report at the end of the scan, in C:\Shortcut_Module_date_hour.txt, after the reboot of the machine.
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #23 I found these, I've attached them. Are they what we need? Attachments: Shortcut_Module.txt (9.8 KB), Shortcut_Module_06_03_2014_19_04_22.txt (55.5 KB), Shortcut_Module_06_03_2014_19_54_40.txt (18.4 KB)
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #25 Done OTL hope this is the right notepad attached
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #26 Done OTL hope this is the right notepad attached. Attachments: OTL.Txt (553.4 KB)
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #28 where would I find that? only one notepad flashed up at end of scan
g3n-h@ckm@n Level 1 Verified Mar 1, 2014 251 41 32 54 Valence Mar 6, 2014 #29 logically near the OTL executable (yellow and black)
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #30 all I found was the OTL.TXT, what is OTL executable
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #31 I just can't find it
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #32 is this it? Attachments: Extras.Txt (102.6 KB)
g3n-h@ckm@n Level 1 Verified Mar 1, 2014 251 41 32 54 Valence Mar 6, 2014 #33 perhaps you didn't configure it like the image..? ok it doesn't matter, that's ok
uninstall Java, it's not up to date, keep just Java 7 Update 51
You'd better install a real antivirus (like Avast or...), cause McAfee Security Scan is very useless
====
copy and paste all this bold text under "Personnalization" in OTL and click on "Run Fix"

:OTL
SRV - [2014/01/16 00:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\vinceturk@gmail.com: C:\Program Files (x86)\KwiClick LLC\KwiClick\ [2013/11/11 19:10:07 | 000,000,000 | ---D | M]
[2013/11/07 20:46:26 | 000,007,660 | ---- | M] () (No name found) -- C:\Users\marcuspassey\AppData\Roaming\Mozilla\Firefox\Profiles\9jl0hjl9.default-1372188750837\Extensions\firefox@browsebeyond.net.xpi
[2013/11/07 20:46:26 | 000,007,660 | ---- | M] () (No name found) -- C:\Users\marcuspassey\AppData\Roaming\Mozilla\Firefox\Profiles\llgjaj9t.default\extensions\firefox@browsebeyond.net.xpi
CHR - Extension: McAfee Security Scan+ = C:\Users\marcuspassey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{673b7dce-9a3f-11e0-8e6f-b8ac6f9b6f7b}\Shell - "" = AutoRun
O33 - MountPoints2\{673b7dce-9a3f-11e0-8e6f-b8ac6f9b6f7b}\Shell\AutoRun\command - "" = I:\setup.exe -a
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: mcpltui_exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - File not found
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
[2014/02/17 17:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/02/17 17:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2014/03/06 20:28:11 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/17 17:02:10 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/18 21:34:27 | 083,023,306 | ---- | C] () -- C:\ProgramData\kcehcuj.pad
[2012/04/07 17:58:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\-4p0s7wdEAiunln
[2012/04/07 17:57:52 | 000,000,256 | ---- | C] () -- C:\ProgramData\4p0s7wdEAiunln
[2012/02/09 17:44:30 | 000,005,104 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2010/07/19 19:59:09 | 000,072,080 | ---- | C] () -- C:\Users\marcuspassey\g2mdlhlpx.exe
[2010/07/09 16:44:00 | 031,494,960 | ---- | C] () -- C:\Users\marcuspassey\snagit.exe
[2013/06/24 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\NetAssistant
[2013/04/19 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\TubeSeoCommando.exe
[2012/05/10 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\Qya
[2013/12/15 00:10:52 | 000,000,000 | ---D | M] -- C:\9ddfc97fd6bf90cac4021d9f81c6
[2011/09/17 12:47:12 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\Sti_Trace.log
[2012/06/29 13:00:16 | 000,000,064 | ---- | M] () -- C:\ProgramData\yqngljsl.log
[2012/12/09 20:06:17 | 000,000,000 | ---D | M] -- C:\ProgramData\7EAB15720262BC3400007EAA96D2C790
[2012/05/10 15:29:34 | 000,000,000 | ---D | M] -- C:\ProgramData\B7E8586B0F2FB8D85FA018F0B4EB2367
[2013/11/11 19:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2012/06/29 13:02:54 | 000,164,311 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\axwgtjee.log
[2012/06/29 13:02:52 | 000,003,315 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\empvysbc.log
[2012/06/29 13:13:23 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\jerecrma.log
[2012/06/29 13:13:56 | 000,000,024 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\lpfinuok.log
[2012/06/29 13:00:38 | 000,415,424 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\mgjvjrvh.log
[2012/06/29 13:07:39 | 000,531,161 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\ndclhyyb.log
[2012/06/29 13:00:38 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\nuqrauhv.log
[2012/06/29 13:00:27 | 000,004,048 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\qyadsnff.log
[2012/06/29 13:02:54 | 000,002,840 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\xfgjhkax.log
[2012/05/17 07:00:25 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\ClickAds_Marketing
[2013/11/11 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\CRE
[2013/09/16 20:07:21 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\avgchrome
[2013/11/11 17:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browsebeyond

:reg
[-HKEY_CURRENT_USER\Software\(null)]
[-HKEY_CURRENT_USER\Software\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\TubeSEOCommando]

:files
C:\install.*
C:\Users\marcuspassey\AppData\Local\{*}

:commands
[emptytemp]

attach the log after reboot.
I think you're infected by Ramnit too
Last edited: Mar 6, 2014
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #34 I found the extras.txt file, did you see it?
g3n-h@ckm@n Level 1 Verified Mar 1, 2014 251 41 32 54 Valence Mar 6, 2014 #35 yes I'll do another script with it after reading what I wait for the moment Last edited: Mar 6, 2014
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #36 is this the latest log? Attachments: 03062014_213913.log (44.6 KB)
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #37 I have no idea what we are doing, have you worked for a company removing malware in the past?
g3n-h@ckm@n Level 1 Verified Mar 1, 2014 251 41 32 54 Valence Mar 6, 2014 #38 I don't think but if you're tired we can continue tomorrow if you want
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #39 it's ok, I'll carry on. Was that the latest log?
M marcuspassey New Member Thread author Verified Mar 6, 2014 158 0 9 52 Mar 6, 2014 #40 I found this. Attachments: 03062014_213913.log (44.6 KB)